diff --git a/.github/workflows/dry-run-release-scheduled.yml b/.github/workflows/dry-run-release-scheduled.yml
new file mode 100644
index 0000000000..8b239d4772
--- /dev/null
+++ b/.github/workflows/dry-run-release-scheduled.yml
@@ -0,0 +1,26 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+# This workflow performs a scheduled dry-run for smithy-rs release.
+# When run, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io.
+
+name: Scheduled smithy-rs dry-run release
+run-name: ${{ github.workflow }}
+on:
+  schedule:
+    # Runs 00:00 UTC every day
+  - cron: 0 0 * * *
+
+jobs:
+  smithy-rs-scheduled-dry-run-release:
+    name: Scheduled dry-run release
+    uses: ./.github/workflows/release.yml
+    with:
+      commit_sha: main
+      dry_run: true
+      skip_ci: true
+    secrets:
+      RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}
+      RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}
+      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
+      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}
diff --git a/.github/workflows/dry-run-release.yml b/.github/workflows/dry-run-release.yml
index 08c56a2cd1..385a389a4a 100644
--- a/.github/workflows/dry-run-release.yml
+++ b/.github/workflows/dry-run-release.yml
@@ -1,15 +1,12 @@
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-# This workflow performs a dry run for smithy-rs release. It can be triggered via either cron or manually.
-# When ran, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io.
+# This workflow performs a manual dry-run for smithy-rs release.
+# When run, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io.
 
-name: Smithy-rs dry run release
-run-name: ${{ github.workflow }} ${{ inputs.commit_sha == ''  && 'scheduled' || (inputs.commit_sha) }}
+name: Smithy-rs dry-run release
+run-name: ${{ github.workflow }}-${{ inputs.commit_sha }}
 on:
-  schedule:
-    # Runs 00:00 UTC every day
-  - cron: 0 0 * * *
   workflow_dispatch:
     inputs:
       commit_sha:
@@ -19,6 +16,11 @@ on:
           Alternatively, you can use the name of a branch.
         required: true
         type: string
+      skip_ci:
+        description: Skip CI
+        required: true
+        type: boolean
+        default: true
 
 jobs:
   smithy-rs-manual-dry-run-release:
@@ -28,17 +30,9 @@ jobs:
     with:
       commit_sha: ${{ inputs.commit_sha }}
       dry_run: true
+      skip_ci: ${{ inputs.skip_ci }}
     secrets:
       RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}
       RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}
-
-  smithy-rs-scheduled-dry-run-release:
-    name: Scheduled dry run release
-    if: ${{ github.event_name == 'schedule' }}
-    uses: ./.github/workflows/release.yml
-    with:
-      commit_sha: main
-      dry_run: true
-    secrets:
-      RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}
-      RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}
+      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
+      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}
diff --git a/.github/workflows/prod-release.yml b/.github/workflows/prod-release.yml
index 2192f4420e..a479a8ab16 100644
--- a/.github/workflows/prod-release.yml
+++ b/.github/workflows/prod-release.yml
@@ -24,6 +24,9 @@ jobs:
     with:
       commit_sha: ${{ inputs.commit_sha }}
       dry_run: false
+      skip_ci: false
     secrets:
       RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}
       RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}
+      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
+      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 24a311e5a2..03d2a61992 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,11 +24,19 @@ on:
         description: When true, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io.
         required: true
         type: boolean
+      skip_ci:
+        description: Skip CI when executing a release
+        required: true
+        type: boolean
     secrets:
       RELEASE_AUTOMATION_BOT_PAT:
         required: true
       RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN:
         required: true
+      CANARY_GITHUB_ACTIONS_ROLE_ARN:
+        required: true
+      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME:
+        required: true
 
 jobs:
   check-actor-for-prod-run:
@@ -80,14 +88,19 @@ jobs:
         retention-days: 1
 
   release-ci:
-    name: Prerelease checks
-    if: inputs.dry_run == false
+    name: Pre-release checks
+    # We need `always` here otherwise this job won't run if the previous job has been skipped
+    # See https://samanpavel.medium.com/github-actions-conditional-job-execution-e6aa363d2867
+    if: always() && inputs.skip_ci == false
     needs:
     - acquire-base-image
     uses: ./.github/workflows/ci.yml
     with:
       run_sdk_examples: false
       git_ref: ${{ inputs.commit_sha }}
+    secrets:
+      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
+      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}
 
   check-semver-hazards:
     name: Check for semver hazards